Commit Graph

12 Commits

Author SHA1 Message Date
Christian Blichmann
ca6ec4337d Add workaround for active Tomoyo LSM
Recenly, Debian based distribution kernels started activating the Tomoyo Linux
Security Module by default. Even if it is not used, this changes the behavior
of `/dev/fd` (pointing to `/proc/self/fd` by default), which Sandbox2 needs during
`execveat()`.

As a result, Sandbox2 and Sandboxed API always fail without one of the following
conditions
- `/proc` mounted within the sandboxee
- `/dev` mounted
- `/dev/fd` symlinked to `/proc/self/fd` in the sandboxee's mount namespace

Some code pointers to upstream Linux 5.12.2:
- https://elixir.bootlin.com/linux/v5.12.2/source/fs/exec.c#L1775
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/tomoyo.c#L107
- https://elixir.bootlin.com/linux/v5.12.2/source/security/tomoyo/domain.c#L729

To find out whether your system has Tomoyo enabled, use this command, similar to
what this change does in code:

```
$ cat /sys/kernel/security/lsm | grep tomoyo && echo "Tomoyo active"
capability,yama,apparmor,tomoyo
Tomoyo active
```

The config setting `CONFIG_DEFAULT_SECURITY` controls which LSMs are built into
the kernel by default.

PiperOrigin-RevId: 372919524
Change-Id: I2181819c04f15f57d96c44ea9977d0def4a1b623
2021-05-10 07:04:04 -07:00
bielec
5a4e3f3d29 Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
PiperOrigin-RevId: 296206385
Change-Id: I53b23122abece1fe318ed4c6a7e37bf3228c8f5f
2020-02-20 07:45:44 -08:00
Sandboxed API Team
05280287e0 Automated rollback of commit 800339d672.
PiperOrigin-RevId: 294644781
Change-Id: I88ad35abd96468476294039a41b6f2a8234db6ca
2020-02-17 10:39:08 +01:00
bielec
800339d672 Now network proxy server supports IP filtering. API to policybuilder is added to make a list of allowed pairs of allowed IP, mask and port where mask and port are optional.
PiperOrigin-RevId: 294640297
Change-Id: I4c6520685a658f8b7762af238588830f71b3f54a
2020-02-17 10:38:44 +01:00
Christian Blichmann
441201884a Update license header with recommended best practices
PiperOrigin-RevId: 290250533
Change-Id: Ic34b253446463cf971a055b70a242df93a598ee3
2020-01-17 05:05:29 -08:00
Sandboxed API Team
418ad07086 Initialize std::atomic_flag members
PiperOrigin-RevId: 258309720
Change-Id: Id9cb6ee627c0aea11bbbabfcab10731e2235e534
2019-07-15 23:59:24 -07:00
Wiktor Garbacz
34d17b77ac Remove dead code
IPC always creates comms object from a fd.

PiperOrigin-RevId: 248683525
Change-Id: Ib4285ec0494d551257237c12f92f983b943205cb
2019-05-17 02:02:03 -07:00
Wiktor Garbacz
7294e9976e Replace custom synchronization with absl::Notification
PiperOrigin-RevId: 248334969
Change-Id: I7614a3792babd399912c5d5a167ab5e0a0574d20
2019-05-15 08:09:56 -07:00
Wiktor Garbacz
6588aa2a68 Reintroduce monitor changes.
Signal handling in Monitor::MainLoop was fixed.

PiperOrigin-RevId: 248331692
Change-Id: I0f85d319802258632d2074742c53597bb922555a
2019-05-15 07:46:49 -07:00
Sandboxed API Team
63f0adbfbb Revert of monitor code update.
PiperOrigin-RevId: 247255592
Change-Id: I3656ea1628418321b1b8b02660b6a51a58c2c61f
2019-05-08 11:34:26 -07:00
Wiktor Garbacz
3f5360a7bc Simplify monitor code.
Make setting result code the condition for main loop exit.

PiperOrigin-RevId: 247218505
Change-Id: I8699012683bc301e8a9f4f41cd5ab018e3cd514c
2019-05-08 08:34:56 -07:00
Christian Blichmann
177b969e8c
Sandboxed API OSS release.
PiperOrigin-RevId: 238996664
Change-Id: I9646527e2be68ee0b6b371572b7aafe967102e57

Signed-off-by: Christian Blichmann <cblichmann@google.com>
2019-03-18 19:00:48 +01:00